Don’t Mix Up SHA-1 Hashed Passwords with SHA-1 Signed Certificates

We really must get better at articulating technical risk. I read an article recently around a recent hack for SHA-1 hashed passwords, and where this was then linked to the SHA-1 signature on a digital certificate. The risk on these is not quite the same. For SHA-1 hashed passwords, the actual method of SHA-1 doesn’t really have an weaknesses, but people select passwords which…